diff --git a/bin/update_sops.sh b/bin/update_sops.sh
index f218dfe..0c2804e 100755
--- a/bin/update_sops.sh
+++ b/bin/update_sops.sh
@@ -7,16 +7,18 @@ set -euo pipefail
 keyfiles_dir="$(realpath $(dirname "${BASH_SOURCE[0]}")/..)"
 # assume location of secrets config file in pwd
 sops_config_dir="${PWD}"
+# optional: secrets files to be updated
+secrets_file_list=()
 while (( $# >= 1 ));do
 cur="${1}";
 case $cur in
 -k|--key|--keyfiles) keyfiles_dir="${2}"; shift ;;
 -c|--config_dir) sops_config_dir="${2}"; shift ;;
+ *) secrets_file_list+=( "${cur}" )
 esac
 shift;
 done
-secrets_file="${1:-0}"
 keyfiles_dir="$(realpath "${keyfiles_dir}")"
 test -d "${keyfiles_dir}" || (echo "E: specify dir containing keyfiles; invalid dir: '${keyfiles_dir}'" && exit 1)
@@ -24,8 +26,10 @@ sops_config_dir="$(realpath "${sops_config_dir}")"
 test -d "${sops_config_dir}" || (echo "E: specify dir containing .sops.yaml, invalid dir: '${sops_config_dir}'" && exit 1)
 sops_config="${sops_config_dir}/.sops.yaml"
 test -e "${sops_config}" || (echo "E: could not locate .sops.yaml, tried ${sops_config}" && exit 1)
-if [[ "${secrets_file}" != "0" ]]; then
- test -e "${secrets_file}" || (echo "E: could not locate .sops.yaml, tried ${secrets_file}" && exit 1)
+if [[ "${#secrets_file_list[@]}" != "0" ]]; then
+ for secrets_file in "${secrets_file_list[@]}"; do
+ test -e "${secrets_file}" || (echo "E: could not locate file with secrets, tried: ${secrets_file}" && exit 1)
+ done
 fi
 # /OPTIONS AND ARGPARSING
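Review bot: The new `test -e "${secrets_file}" || (echo "E: could not locate file with secrets, tried: ${secrets_file}" && exit 1)` inside the added `for` loop only stops the script because `set -e` sees the failing `||` tail: the `exit 1` runs in a `( … )` subshell and terminates just that subshell, and the diagnostic goes to stdout rather than stderr. A `{ echo "E: could not locate file with secrets, tried: ${secrets_file}" >&2; exit 1; }` group would exit the script directly and keep the message off stdout; the pre-existing `test -d`/`test -e` checks in this hunk share the same pattern. The new `*)` arm also turns any unrecognised option (a mistyped `--keyfile`, for instance) into a secrets path that fails later with a misleading 'could not locate' message; a `-*) echo "E: unknown option: ${cur}" >&2; exit 1 ;;` arm ahead of it, and a terminating `;;` on the `*)` arm, would make that explicit.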
@@ -116,8 +120,10 @@ fn_sops_updatekeys_and_verify(){
 # verify: dump secrets, GPG_TTY src: https://www.varokas.com/secrets-in-code-with-mozilla-sops/
 GPG_TTY=$(tty) sops -d "${sops_enc_file}"
 }
-if [[ "${secrets_file}" != "0" ]]; then
- fn_sops_updatekeys_and_verify "${secrets_file}"
+if [[ "${#secrets_file_list[@]}" != "0" ]]; then
+ for secrets_file in "${secrets_file_list[@]}"; do
+ fn_sops_updatekeys_and_verify "${secrets_file}"
+ done
 echo "# SUCESS: all users with keys in this dir should have functional keys"
 else
 echo "# WARN: no secrets file passed in, make sure to call 'sops updatekeys' on secrets files"
diff --git a/example/cmd_sops.sh b/example/cmd_sops.sh
index 41e401b..0085e34 100755
--- a/example/cmd_sops.sh
+++ b/example/cmd_sops.sh
@@ -12,3 +12,4 @@ test -e "${secrets_file}" || (yq -n '.demo.credentials.secret = "hunter2"' > "${
 set -x
 # ../bin/update_sops.sh -k "${keys_dir}" -c "${sops_cfg_dir}" "${secrets_file}"
 ../bin/update_sops.sh "${secrets_file}"
+# test: uncomment, expect: error # ../bin/update_sops.sh "${secrets_file}" secrets.yaml
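Review bot: Looping `fn_sops_updatekeys_and_verify` over every listed file means the `GPG_TTY=$(tty) sops -d "${sops_enc_file}"` verification step now writes the plaintext of each secrets file to stdout; the exit status already proves the key works, so `GPG_TTY=$(tty) sops -d "${sops_enc_file}" >/dev/null` would verify without printing secrets into terminals or captured logs. A failing file aborts the loop under `set -e` before the SUCESS line is reached, but nothing names which file failed or how many were already re-keyed; an `echo "# updating keys for: ${secrets_file}"` before the call in the loop would make that partial state visible. The function body begins before this hunk, so the surroundings of the decrypt line are not fully visible here.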
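Review bot: The added comment says only `expect: error` without stating which error or why, so a reader cannot tell whether the failure they see is the intended one. Spelling it out, e.g. `# test: uncomment, expect: 'E: could not locate file with secrets' (secrets.yaml is not created by this example)`, ties the example to the check it exercises; whether secrets.yaml is absent in this directory is inferred from the example and should be confirmed.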